Let's talk about Records Management

After reading a recent article in Computerworld, I thought it might be important to have a discussion about what Records and Information Management (RIM) is from the perspective of a RIM Professional that's been in the field for 35 years.  During this time, there have been many changes to the process made necessary by the explosion of electronic format information (beginning for business actually in the early 1980s), but the practices and principles of RIM have essentially remained unchanged.

The object has always been to assign a value to information consistent with it's need for business and to retain it and maintain its availability for the period established for its retention.  Retention periods are based on a combination of factors:

• Legal, Statutory, or Regulatory requirements (Federal, State, County, City, or in some cases, International)
• Business Needs that may exceed those
• An evaluation of possible legal or financial risks of retaining information beyond required periods
• Any possible historic, enduring, or intrinsic value of the information for reference purposes

What defines information as a "record" can differ depending on the industry segment, business type, degree of regulation, or geographical setting you work in.  In general, (fore most businesses) it's anything that documents a decision, transaction, or provides guidance to others.  For anyone working in a Federal Agency or as Contractor to a Federal Agency, the definition comes from the US Code 44USC 3301 and it is rather specific.  The important things to note in this definition though is: "...regardless of physical form or characteristics..." because that means it applies to paper, electronic, microforms or any other material the "record" resides in/on.

This is critical for the people in IT to understand, that irrespective of the problems caused by the need to retain information that is defined as a record for periods that may exceed 50 or 75 years, it is now their responsibility to find methods to accommodate those needs.  And the records must remain viable, verifiable, able to be authenticated,  and accessible in a reasonable amount of time for as long as required to be retained.  About the only aspect of that list subject to any form of interpretation is "accessible in a reasonable amount of time", but what is reasonable is determined by who sets the requirement (SEC, HIPAA, FRCP, etc.)  

With the volume of information being produced electronically increasing exponentially, it is even MORE critical for RIM professionals to be involved in assisting in establishing criteria for identifying the percentage of information that meets the definition of "record" and to determine methods for classifying and managing this information independent of the general population of information.  In some instances, a majority of information may have a 2-3 year required retention, such as correspondence or general business information, some procurement or financial information may need to be retained for 6-10 years, and a much smaller percentage of information may have longer term retention, in excess of 15 years.  In some highly regulated industries or in the Federal arena, there are some records that have a retention period that actually is permanent.  This period affects less than 10% of all records, in fact, the number is thought to be closer to 3-5%, but special care must be given to determining methods to migrate and convert this information periodically to avoid obsolescence and degradation of the media, storage formats,  and or hardware the records are stored on.

And much needs to be done to break down the communication barriers between RIM and IT, the dissimilar use of common terms that have distinct definitions in each practice.  Another problem is the desire to find more cost effective means of managing information over it's life cycle, a practice in RIM known as life cycle management, which is distinctly different than what the storage vendors are "branding" ILM.  It's not a product or a process, it's a PRACTICE and it isn't SOLVED by the application of technology.  Technology is just a tool that aids RIM in satisfying the requirements to manage the information as a record.

Another term that has seriously different meanings to IT and RIM is "archive".  IT seems to think of it as a verb, and it involves the relocation of information to different types of storage based on it's use patterns... if it's less frequently accessed, then it should be "archived".  The problem is, and RIMs are well aware of this, some records may not be routinely accessed for years, and are then considered "inactive", but all of the sudden, something changes and the reference patterns of records with retention periods that haven't been met adjust drastically and the records become "active" again.   In RIM, nothing is "archived" until it's retention period, which includes any business needs that exceed regulated periods, has been met.  And then, they are only sent to an archive if they are deemed to have historic, enduring, or intrinsic value to the organization.

To me, we're at a critical point in the management of information where everyone is beginning to understand the need to provide appropriate controls over information that exists in storage, and especially that information which meets the definition of a "record", and to successfully address these issues, RIM and IT need to work collaboratively.